eBay’s StubHub Hit by Cyber Thieves

UPDATE: Six people have been charged with running a StubHub tickets scam. Here’s the latest.

* * *

Getty Images

Hackers found their way into more than 1,000 of StubHub’s customer accounts and fraudulently bought tickets through the online seller, the Associated Press reports. It’s the latest in a string of hacking attacks that have hit major retailers such as Target in recent months.

StubHub, a unit of eBay, said its security defenses weren’t breached. Instead, the cyber thieves used keyloggers and malware to infiltrate the ticket seller’s customer accounts. The AP reports:

StubHub, which is based in San Francisco, said that the thieves didn’t break through its security — rather, they got account-holders’ login and password information from data breaches at other websites and retailers or from key-loggers or other malware on the customers’ computers, spokesman Glenn Lehrman said.

The company detected the unauthorized transactions last year, contacted authorities and gave the affected customers refunds and help changing their passwords, he said.

It’s unclear whether the digital prowlers then exploited their access to scoop up more information from the compromised accounts. The company and the law enforcement official wouldn’t give further details Tuesday.